## Vulnerable Application

The 'pineapple_bypass_cmdinject' exploit attacks a weak check for
pre-authorized CSS files, which allows the attacker to bypass
authentication. The exploit then relies on the anti-CSRF vulnerability
(CVE-2015-4624) to obtain command injection.

This exploit uses a utility function in
/components/system/configuration/functions.php to execute commands once
authorization has been bypassed.

## Verification Steps

This exploit requires a "fresh" pineapple, flashed with version 2.0-2.3. The
default options are generally effective due to having a set state after being
flashed. You will need to be connected to the WiFi pineapple network (e.g. via
WiFi or ethernet).

Assuming the above 2.3 firmware is installed, this exploit should always work.
If it does not, try it again. It should always work as long as the pineapple is
in its default configuration.
